package com.adobe.cq.social.commons.security;

import com.adobe.cq.social.commons.SaferSlingPostValidator;
import com.adobe.cq.social.commons.client.endpoints.DefaultSocialGetServlet;
import com.day.cq.mcm.exacttarget.ExactTargetConstants;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.request.RequestDispatcherOptions;
import org.apache.sling.api.request.RequestPathInfo;
import org.apache.sling.api.servlets.OptingServlet;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.commons.compiler.Options;
import org.apache.sling.engine.EngineConstants;

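/**
 * Intercepts Sling POST requests that carry a Social selector and routes them through a
 * {@link SaferSlingPostValidator} before the target resource is included.
 *
 * <p>The component is registered twice: as a request-scope {@link Filter} and as a POST
 * {@link Servlet} for the {@value #POST_SERVLET_RESOURCE_TYPE} resource type with the default
 * social selector (see the {@code sling.servlet.*} properties above).
 * <ul>
 *   <li>{@link #doFilter} looks for the default social selector or a {@code social-*} selector,
 *       first among the request selectors and then inside the last segment of the suffix.
 *       When one is found the request is re-included with rewritten selectors (and, on demand,
 *       a forced resource type), presumably so that it resolves to this servlet's
 *       {@link #doPost}; otherwise the chain continues untouched.</li>
 *   <li>{@link #doPost} asks the validator whether the request must be rejected (HTTP 400) and
 *       only then includes the original resource path again, this time marked with
 *       {@code ACCEPTED_ATTRIBUTE} so that {@link #accepts} opts this servlet out of the
 *       nested include.</li>
 * </ul>
 *
 * <p>All state that survives between the filter pass, {@code doPost} and {@code accepts} is
 * carried in request attributes, so the instance itself holds nothing request-specific apart
 * from the injected validator.
 */
@Service({Servlet.class, Filter.class})
@Component(immediate = true, specVersion = Options.VERSION_1_1, metatype = false)
@Properties({@Property(name = "service.description", value = {"AEM Social Communities Safer Sling Post Servlet"}, propertyPrivate = true), @Property(name = "service.vendor", value = {"Adobe Systems Incorporated"}, propertyPrivate = true), @Property(name = "service.ranking", intValue = {2147482647}, propertyPrivate = true), @Property(name = EngineConstants.SLING_FILTER_SCOPE, value = {EngineConstants.FILTER_SCOPE_REQUEST}, propertyPrivate = true), @Property(name = "sling.servlet.resourceTypes", value = {SaferSlingPostServlet.POST_SERVLET_RESOURCE_TYPE}, propertyPrivate = true), @Property(name = "sling.servlet.selectors", value = {DefaultSocialGetServlet.DEFAULT_SELECTOR}, propertyPrivate = true), @Property(name = "sling.servlet.methods", value = {"POST"}, propertyPrivate = true)})
public class SaferSlingPostServlet extends SlingAllMethodsServlet implements Filter, OptingServlet {
    /** Resource type this servlet is registered for; also forced on an intercepted include when asked to. */
    static final String POST_SERVLET_RESOURCE_TYPE = "sling/servlet/default";
    private static final long serialVersionUID = 1;
    /** Request attribute: set when a matched selector contains {@value #DROP_SELECTORS_MARKER}; makes {@link #doPost} include without selectors. */
    private static final String DROP_SELECTORS_ATTRIBUTE = SaferSlingPostServlet.class.getName() + ".dropSelectors";
    /** Request attribute: set by {@link #doPost} before its include so that {@link #accepts} returns {@code false} afterwards. */
    private static final String ACCEPTED_ATTRIBUTE = SaferSlingPostServlet.class.getName() + ".accepted";
    /** Request attribute (the class name itself): guards {@link #include} so it runs at most once per request. */
    private static final String INCLUDED_ATTRIBUTE = SaferSlingPostServlet.class.getName();

    /** Any selector starting with this prefix is treated as a Social selector. */
    private static final String SOCIAL_SELECTOR_PREFIX = "social-";
    /** Marker inside a Social selector requesting that the final include carries no selectors. */
    private static final String DROP_SELECTORS_MARKER = "-drop-selectors-";
    /** Marker inside a Social selector requesting that the include forces {@link #POST_SERVLET_RESOURCE_TYPE}. */
    private static final String FORCE_INTERCEPT_MARKER = "-force-intercept-";
    /** Prefix prepended to the original selector string when the request is re-included. */
    private static final String REPLACED_SELECTOR_PREFIX = "social.";

    /** Decides whether an intercepted POST may proceed; bound by SCR via {@link #bindValidator}. */
    @Reference
    private SaferSlingPostValidator validator;

    /**
     * Serves an intercepted POST: rejects it with {@code 400 Bad Request} when the validator says so,
     * otherwise includes the resource path again with this servlet opted out.
     *
     * @param slingHttpServletRequest the intercepted POST request
     * @param slingHttpServletResponse the response to write to
     * @throws ServletException propagated from the nested include
     * @throws IOException propagated from {@code sendError} or the nested include
     */
    @Override
    protected void doPost(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        // A rejected request never reaches the included resource.
        if (this.validator.reject(slingHttpServletRequest)) {
            slingHttpServletResponse.sendError(SlingHttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        RequestDispatcherOptions options = new RequestDispatcherOptions();
        if (slingHttpServletRequest.getAttribute(DROP_SELECTORS_ATTRIBUTE) != null) {
            // Requested through a "-drop-selectors-" selector: include the bare resource.
            options.setReplaceSelectors("");
        }
        RequestDispatcher dispatcher = slingHttpServletRequest.getRequestDispatcher(
                slingHttpServletRequest.getRequestPathInfo().getResourcePath(), options);
        // Must be set before the include so that accepts() opts this servlet out of the nested pass.
        slingHttpServletRequest.setAttribute(ACCEPTED_ATTRIBUTE, true);
        dispatcher.include(slingHttpServletRequest, slingHttpServletResponse);
    }

    /**
     * Filter entry point: lets everything but Sling POST requests through unchanged, and intercepts
     * POSTs that carry a Social selector in their selectors or suffix.
     *
     * @param servletRequest the current request; only {@link SlingHttpServletRequest}s are inspected
     * @param servletResponse the current response
     * @param filterChain continued when the request is not intercepted
     * @throws IOException propagated from the chain or the include
     * @throws ServletException propagated from the chain or the include
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof SlingHttpServletRequest) || !"POST".equals(((SlingHttpServletRequest) servletRequest).getMethod())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        SlingHttpServletRequest request = (SlingHttpServletRequest) servletRequest;
        RequestPathInfo pathInfo = request.getRequestPathInfo();
        // Selectors take precedence over anything encoded in the suffix.
        String matched = checkSelectors(request, pathInfo);
        if (matched == null) {
            matched = checkSuffix(request, pathInfo);
        }
        if (matched == null) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            include(request, servletResponse, pathInfo, matched);
        }
    }

    /** No filter configuration is needed. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Classifies one selector and records its side effects on the request.
     *
     * @param servletRequest request that receives the depth / drop-selectors attributes
     * @param selector the selector to inspect
     * @return {@code selector} if it is the default social selector or starts with {@value #SOCIAL_SELECTOR_PREFIX},
     *         otherwise {@code null}
     */
    private String checkSelector(ServletRequest servletRequest, String selector) {
        if (DefaultSocialGetServlet.DEFAULT_SELECTOR.equals(selector)) {
            return selector;
        }
        if (!selector.startsWith(SOCIAL_SELECTOR_PREFIX)) {
            return null;
        }
        // Whatever follows the last '-' is taken as the numeric post depth.
        String depth = selector.substring(selector.lastIndexOf('-') + 1);
        try {
            servletRequest.setAttribute(SaferSlingPostValidator.POST_DEPTH_ATTRIBUTE, Integer.valueOf(depth));
        } catch (NumberFormatException ignored) {
            // Deliberate best effort: a selector without a numeric tail simply sets no depth.
        }
        if (selector.contains(DROP_SELECTORS_MARKER)) {
            servletRequest.setAttribute(DROP_SELECTORS_ATTRIBUTE, true);
        }
        return selector;
    }

    /**
     * Returns the first request selector accepted by {@link #checkSelector}, or {@code null}.
     *
     * @param slingHttpServletRequest request whose selectors are inspected
     * @param requestPathInfo path info of that request
     * @return the matched selector or {@code null} when none matches
     */
    private String checkSelectors(SlingHttpServletRequest slingHttpServletRequest, RequestPathInfo requestPathInfo) {
        for (String selector : requestPathInfo.getSelectors()) {
            String matched = checkSelector(slingHttpServletRequest, selector);
            if (matched != null) {
                return matched;
            }
        }
        return null;
    }

    /**
     * Looks for a Social selector inside the last path segment of the suffix, which is read as
     * {@code <name>.<selector>...<extension>}: only the inner dot-separated parts are inspected.
     *
     * @param slingHttpServletRequest request whose suffix is inspected
     * @param requestPathInfo path info of that request
     * @return the matched selector or {@code null} when the suffix is absent or holds none
     */
    private String checkSuffix(SlingHttpServletRequest slingHttpServletRequest, RequestPathInfo requestPathInfo) {
        String suffix = requestPathInfo.getSuffix();
        if (suffix == null) {
            return null;
        }
        String lastSegment = suffix.substring(suffix.lastIndexOf('/') + 1);
        String[] parts = lastSegment.split("[.]");
        if (parts.length <= 2) {
            return null; // no inner parts, hence no selector candidates
        }
        for (int i = 1; i < parts.length - 1; i++) {
            String matched = checkSelector(slingHttpServletRequest, parts[i]);
            if (matched != null) {
                return matched;
            }
        }
        return null;
    }

    /**
     * Re-includes the current resource with the selectors rewritten for this servlet. Runs at most
     * once per request, guarded by {@link #INCLUDED_ATTRIBUTE}.
     *
     * @param slingHttpServletRequest the intercepted request
     * @param servletResponse the response handed to the include
     * @param requestPathInfo path info of the intercepted request
     * @param selector the Social selector that caused the interception
     * @throws ServletException propagated from the include
     * @throws IOException propagated from the include
     */
    private void include(SlingHttpServletRequest slingHttpServletRequest, ServletResponse servletResponse, RequestPathInfo requestPathInfo, String selector) throws ServletException, IOException {
        // Presence check only: the original cast to String would throw on a foreign non-String value.
        if (slingHttpServletRequest.getAttribute(INCLUDED_ATTRIBUTE) != null) {
            return;
        }
        slingHttpServletRequest.setAttribute(INCLUDED_ATTRIBUTE, ExactTargetConstants.TRUE);
        RequestDispatcherOptions options = new RequestDispatcherOptions();
        if (!DefaultSocialGetServlet.DEFAULT_SELECTOR.equals(selector)) {
            // NOTE(review): when the match came from the suffix and the request has no selectors,
            // getSelectorString() may be null here, yielding "social.null" — confirm this is intended.
            options.setReplaceSelectors(REPLACED_SELECTOR_PREFIX + requestPathInfo.getSelectorString());
        }
        if (selector.contains(FORCE_INTERCEPT_MARKER)) {
            options.setForceResourceType(POST_SERVLET_RESOURCE_TYPE);
        }
        slingHttpServletRequest.getRequestDispatcher(slingHttpServletRequest.getRequestPathInfo().getResourcePath(), options)
                .include(slingHttpServletRequest, servletResponse);
    }

    /**
     * Opts this servlet out once {@link #doPost} has marked the request as accepted, so the
     * nested include made there is resolved to a different servlet.
     *
     * @param slingHttpServletRequest the request being resolved
     * @return {@code true} until {@code ACCEPTED_ATTRIBUTE} has been set on the request
     */
    @Override
    public boolean accepts(SlingHttpServletRequest slingHttpServletRequest) {
        return slingHttpServletRequest.getAttribute(ACCEPTED_ATTRIBUTE) == null;
    }

    /** SCR bind callback for the {@link SaferSlingPostValidator} reference. */
    protected void bindValidator(SaferSlingPostValidator saferSlingPostValidator) {
        this.validator = saferSlingPostValidator;
    }

    /** SCR unbind callback; clears the reference only if it is the one currently bound. */
    protected void unbindValidator(SaferSlingPostValidator saferSlingPostValidator) {
        if (this.validator == saferSlingPostValidator) {
            this.validator = null;
        }
    }
}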
